Re: [Dovecot] Dovecots default NTLM Version
On 062, 03 02, 2008 at 06:55:09AM +0200, Timo Sirainen wrote:
> On Wed, 2008-02-27 at 12:46 +0300, Andrey Panin wrote:
> > Actually there are 4 authentication submethods inside the NTLM:
> > LM - server nonce only, highly vulnerable to MITM and rogue server attacks;
> > NTLM - different algorithm, almost equally vulnerable as LM today;
> > NTLM2 - server and client nonce, but MITM can force downgrade to NTLM/LM;
> > NTLMv2 - server and client nonce, MITM can't force downgrade.
> >
> > NTLM password hash is required for NTLM, NTLM2 and NTLMv2.
> >
> > NTLMv2 can not be negotiated. It must be explicitly enabled on the client side
> > by setting registry key below to at least 3.
>
> So this basically means that unless NTLMv2 is explicitly enabled on
> client side, NTLM auth is insecure because MITM can force a downgrade?

Yes. Without NTLMv2 MITM can force downgrade to plain NTLM and then try dictionary attack with predefined server nonce.

> Would there be a point in adding a setting to make Dovecot allow only
> NTLM2/NTLMv2, so a MITM-downgrade would only fail the authentication?
> For example mechanisms = NTLM enables NTLM2+v2 and mechanisms = NTLM
> NTLM1 enables both?

This will be good for security, but bad for backward compatibility.
Separate parameter (something like Windows LMCompatibilityLevel) perhaps?

> BTW. I hope you don't mind I added your mail to wiki with small
> modifications: http://wiki.dovecot.org/Authentication/Mechanisms/NTLM

It's ok :)

--
Andrey Panin | Linux and UNIX system administrator
[EMAIL PROTECTED] | PGP key: wwwkeys.pgp.net
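The server-side check discussed in the thread above, as an added example that is not part of the original mails and is not Dovecot's code: it names the submethod a client used in its NTLM Type 3 message and rejects anything below a configured minimum, so a forced downgrade only fails authentication. The function names and the `minimum` parameter are hypothetical, the sample messages are constructed, and the parser assumes a Type 3 header that carries the session-key and flags fields.

```python
import struct

NTLMSSP_NEGOTIATE_NTLM2 = 0x00080000  # flag: NTLM2 session security was negotiated
LEVELS = ["LM", "NTLM", "NTLM2", "NTLMv2"]  # weakest to strongest, as listed in the mail

def _secbuf(msg, off):
    """Follow a security buffer (len, maxlen, offset) and return its bytes."""
    length, _maxlen, start = struct.unpack_from("<HHI", msg, off)
    if start + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[start:start + length]

def classify_type3(msg):
    """Name the submethod a client used in its NTLM Type 3 (authenticate) message."""
    if len(msg) < 64 or msg[:8] != b"NTLMSSP\x00" or struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an NTLM Type 3 message with a flags field")
    lm, nt = _secbuf(msg, 12), _secbuf(msg, 20)
    flags = struct.unpack_from("<I", msg, 60)[0]
    if len(nt) > 24:
        return "NTLMv2"   # 16-byte HMAC-MD5 proof followed by a variable client blob
    if len(nt) == 24:
        # NTLM2: the LM field carries the 8-byte client nonce padded with 16 zero bytes
        if flags & NTLMSSP_NEGOTIATE_NTLM2 and len(lm) == 24 and lm[8:] == bytes(16):
            return "NTLM2"
        return "NTLM"
    if len(lm) == 24:
        return "LM"
    raise ValueError("no LM or NT response present")

def allowed(msg, minimum="NTLM2"):
    """Hypothetical policy knob: accept only responses at or above the minimum."""
    return LEVELS.index(classify_type3(msg)) >= LEVELS.index(minimum)

def build_type3(lm, nt, flags):
    """Constructed sample: minimal Type 3 message with empty names and session key."""
    hdr = b"NTLMSSP\x00" + struct.pack("<I", 3)
    hdr += struct.pack("<HHI", len(lm), len(lm), 64)
    hdr += struct.pack("<HHI", len(nt), len(nt), 64 + len(lm))
    hdr += struct.pack("<HHI", 0, 0, 64 + len(lm) + len(nt)) * 4  # domain, user, host, key
    return hdr + struct.pack("<I", flags) + lm + nt

# Constructed responses (filler bytes, not real hashes)
SAMPLE_V1 = build_type3(b"\x11" * 24, b"\x22" * 24, 0)
SAMPLE_NTLM2 = build_type3(b"\x33" * 8 + bytes(16), b"\x44" * 24, NTLMSSP_NEGOTIATE_NTLM2)
SAMPLE_V2 = build_type3(b"\x55" * 24, b"\x66" * 16 + bytes(32), NTLMSSP_NEGOTIATE_NTLM2)

if __name__ == "__main__":
    for name, m in (("v1", SAMPLE_V1), ("ntlm2", SAMPLE_NTLM2), ("v2", SAMPLE_V2)):
        print(name, classify_type3(m), "accepted" if allowed(m) else "rejected")
```

With the default minimum, a client that was pushed down to plain NTLM is refused instead of handing over a response computed from an attacker-chosen server nonce.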
[Dovecot] Sieve management without shell access or homedir
Hi.

Is there some user friendly application (web based, maybe a webmail addon) that can help a user manage their sieve filtering?

My mail users don't have any shell access to the mail host. Most users won't have a regular home directory either. Can I store this sieve information someplace else? Either directly in LDAP, or in some database, or a common directory for all users' sieve files?

/Tobias
Re: [Dovecot] Quota override problem
Hi Timo,

>> userdb static {
>>   args = uid=5000 gid=5000 sieve=/home/vmail/%d/%n/.dovecot.sieve
>> }
>> userdb sql {
>>   args = /etc/dovecot/dovecot-sql.conf
>> }
>
> You use userdb static before userdb sql. This means that userdb sql is
> never actually used.

This was correct, I didn't see this, thank you very much.

Oliver
Re: [Dovecot] Index corruption with squirrelmail.
Timo,

That's true, the message arrived in INBOX, then I moved it to Spam and did it one more time.

What I did to solve the problem without the need to expunge that specific message is just rename the file to some other name and then logged in again.

# mv 1191941480.M342094P9293V0903I003B9713_0.cronos teste123

Thanks!

Timo Sirainen wrote:
> On Wed, 2008-02-27 at 20:36 -0300, "Fábio M. Catunda" wrote:
> > Some additional information that I found:
> > This problem started on 02/21/2008 when I moved a message that has id
> > 1191941480.M342094P9293V0903I003B9713_0.cronos from .Spam folder to
> > INBOX and then moved the message back to .Spam folder.
> ..
> > Maildir /var/virtual/contactnet.com.br/fcatunda/Maildir sync: UID inserted in the middle of mailbox (8055 > 8042, file = 1191941480.M342094P9293V0903I003B9713_0.cronos,S=3129:2,ST)
> > dovecot: 2008-02-27 17:57:46 Error: IMAP([EMAIL PROTECTED]): Corrupted index cache file
>
> You say you moved Spam -> INBOX -> Spam, but is it possible that this
> was originally also in INBOX? So INBOX -> Spam -> INBOX -> Spam? That's
> what this looks like.
>
> Anyway this kind of moving back and forth without changing filename
> isn't a good idea. It causes Dovecot to think that a message got
> "unexpunged" which gives the above error. v1.1 handles this a bit more
> nicely by renaming the new file, although it still logs a warning:
>
> imap(tss): Warning: Maildir /home/tss/Maildir: Expunged message reappeared, giving a new UID (old uid=365234, file=foo:2,)
Re: [Dovecot] Putscript Assertation failed in dovecot-1.0.10-MANAGESIEVE-v9.1.diff.gz
Steffen Kaiser wrote:
> Hello,
>
> during PUTSCRIPT with an user over quota:
>
> dovecot: Feb 29 13:44:17 Error: MANAGESIEVE(omuste2s) [5462]: o_stream_send_istream(/home/omuste2s/Maildir/sieve/tmp/test-1204289057.P5462Q0M951871.ux-2s11standby.sieve) failed: Disk quota exceeded
> dovecot: Feb 29 13:44:17 Error: MANAGESIEVE(omuste2s) [5462]: file sieve-save.c: line 306 (sieve_storage_save_abort): assertion failed: (ctx->output == NULL)

Nice catch! New release should fix this (problem is not easily reproduced though):

http://www.rename-it.nl/dovecot/1.0/dovecot-1.0.10-MANAGESIEVE-v9.2.diff.gz

Regards,
Stephan
[Dovecot] ManageSieve v0.10.1 released for Dovecot 1.1.rc1
Hello Dovecot users,

I found a few annoying bugs in the ManageSieve implementation. Particularly, v0.10.0 can pollute the tmp directory of the sieve_storage directory with useless compiled script files.

Change Log v0.10.1
---

* Fixed bug introduced in v0.10.0: compiled scripts were also written to disk in the sieve/tmp directory and left there. This accumulates much .sievec junk in that directory over time.
* Fixed bug in tmp file generation for sieve-storage: errors other than EEXIST would cause the daemon to sleep() loop indefinitely.
+ Improved log lines to be more recognizable as being generated from managesieve.
+ Added short proxy configuration explanation to the README file
+ Added 'Known Issues' section to the README file
- Fixed assert bug in sieve-storage occurring when save is canceled.

(Last 5 changes were also back ported to new v9.2 ManageSieve version for dovecot-1.0.10, available at http://www.rename-it.nl/dovecot/1.0/)

Installation

The short description I provided in my previous mail is still valid:

http://www.dovecot.org/list/dovecot/2008-February/028708.html

New release:

http://www.rename-it.nl/dovecot/1.1/dovecot-1.1-managesieve-0.10.1.tar.gz
http://www.rename-it.nl/dovecot/1.1/dovecot-1.1-managesieve-0.10.1.tar.gz.sig

Latest patch version is still valid:

http://www.rename-it.nl/dovecot/1.1/dovecot-1.1.rc1-managesieve-0.10.0.diff.gz
http://www.rename-it.nl/dovecot/1.1/dovecot-1.1.rc1-managesieve-0.10.0.diff.gz.sig

(my public key (id: 3DFBB4F4) can be found at wwwkeys.pgp.net)

Have fun testing the Dovecot ManageSieve service. Don't hesitate to notify me when there are problems.

Regards,

--
Stephan Bosch
[EMAIL PROTECTED]
IRC: Freenode, #dovecot, S[r]us
[Dovecot] dovecot 1.1rc1 deliver linker error without mbox
Hi,

compiling dovecot-1.1rc1 with the option --with-storages=maildir,raw raises the following error:

cc -std=gnu99 -g -Wall -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wstrict-aliasing=2 -o deliver auth-client.o deliver.o duplicate.o mail-send.o smtp-client.o ../lib/mountpoint.o -Wl,--export-dynamic ../lib-storage/register/libstorage-register.a ./lib-storage/list/libstorage_list.a ./../src/lib-storage/index/maildir/libstorage_maildir.a ./../src/lib-storage/index/raw/libstorage_raw.a ./../src/lib-storage/index/libstorage_index.a ./../src/lib-storage/libstorage.a ../../src/lib-index/libindex.a ./lib-imap/libimap.a ../lib-mail/libmail.a ../lib-dict/libdict.a ./lib-charset/libcharset.a ../lib/liblib.a -ldl
deliver.o: In function `create_raw_stream':
/home/berni/software/dovecot/dovecot-1.1.rc1/src/deliver/deliver.c:559: undefined reference to `mbox_from_parse'
collect2: ld returned 1 exit status
make[4]: *** [deliver] Error 1
make[4]: Leaving directory `/home/berni/software/dovecot/dovecot-1.1.rc1/src/deliver'

With mbox included it compiles fine. This was not the case until at least beta13.

Regards,
Bernhard
Re: [Dovecot] dovecot 1.1rc1 deliver linker error without mbox
On Mar 3, 2008, at 2:35 AM, Bernhard Schmidt wrote:
> /home/berni/software/dovecot/dovecot-1.1.rc1/src/deliver/deliver.c:559: undefined reference to `mbox_from_parse'

Fixed: http://hg.dovecot.org/dovecot-1.1/rev/06f59be7f508
Re: [Dovecot] How to prevent deleting mail by mailer?(SOLVED)
Mr. Sirainen

Thank you so much for your great help.
I get it by adding acl=vfile in plugin{} section.

Cheers,
Wen

> -----Original Message-----
> From: Timo Sirainen [mailto:[EMAIL PROTECTED]
> Sent: Sunday, March 02, 2008 1:44 PM
> To: Wen Guangcheng
> Cc: 'Dovecot Mailing List'
> Subject: Re: [Dovecot] How to prevent deleting mail by mailer?
>
> On Mon, 2008-02-25 at 17:54 +0900, Wen Guangcheng wrote:
> > Hi,
> > I have just upgraded my dovecot to the latest release/stable
> > version (1.0.10) and added "mail_plugins = acl" in protocol imap
> > class of dovecot.conf file.
> > In order to make emails in /home/foo/Maildir read-only to foo, I wrote
> > a dovecot-acl file under /home/foo/Maildir and put "user=foo rl" in
> > the file.
> > Is that OK? But unfortunately emails in /home/foo/Maildir still can be
> > deleted by foo. Have I missed something in my configuration? I am a
> > novice at dovecot and ACL. Thanks for your help.
>
> You need to add acl=vfile to plugin {} section as well.
>
> If it still doesn't work, try "owner rl" instead.
Re: [Dovecot] dnotify inotify
Hi.

Thanks for all your advice. I found that using this Debian backport package quota works, but if I have exceeded my quota and I want to delete mails I cannot do it, so I was told to use the new quota version, which demands a patch, so I found myself compiling again and with the dnotify/inotify problem.

As for me it is impossible to compile dovecot with inotify (sys/inotify.h is missing in Debian Etch), I wonder what the problem would be if I compile dovecot with dnotify. Would it be too slow?

Thanks

On Fri, Feb 29, 2008 at 2:10 PM, Osvaldo Alvarez Pozo <[EMAIL PROTECTED]> wrote:
> Hi
> yes it is there quota support. I tried it, it works.
> Very good.
> But when I have used 100% of the space I cannot delete any mail.
> Is it possible to create a kind of warning or overpass quota for
> delete operations?
> Thanks
>
> On Fri, Feb 29, 2008 at 9:13 AM, Ralf Hildebrandt
> <[EMAIL PROTECTED]> wrote:
> > * Gunter Ohrner <[EMAIL PROTECTED]>:
> >
> > > On Thursday, 28 February 2008, Osvaldo Alvarez Pozo wrote:
> > > > > In case of 1.0.10, just take the prepared ready-to-install .deb from
> > > > > backports.
> > >
> > > > Does this backport package have quota available?
> > >
> > > Mh, sorry, I've no idea.
> > >
> > > Maybe someone on the mailing list can give a definitive answer.
> >
> > Well, usually 1.0.x does NOT have the new quota stuff.
> > But why not simply look at the package :)
> >
> > http://packages.debian.org/etch-backports/dovecot-imapd
> >
> > look at the diff.gz:
> >
> > +## DP: Hack to support quota v2, Based heavily on email found here:
> > +## DP: http://dovecot.org/list/dovecot/2006-June/014015.html
> > +## DP: Author: Jonas Smedegaard <[EMAIL PROTECTED]>
> >
> > Yes, it's in there. Respect to the backporter, I say!
> >
> > --
> > Ralf Hildebrandt ([EMAIL PROTECTED]) [EMAIL PROTECTED]
> > Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
> > http://www.arschkrebs.de
> > Al Gore invented the Internet, Bill Gates deployed it. That's their
> > respective stories, anyways
Re: [Dovecot] GETSCRIPT Bug in dovecot-1.0.10-MANAGESIEVE-v9.1.diff.gz
On Fri, 29 Feb 2008, Stephan Bosch wrote:

Hello Stephan,

I've had a discussion about this issue with one of the editors of the

OK, I'll change that. All clients I know have no problem with this as they are tested against CMU ManageSieve. How did you encounter this? Are you writing your own client or did you find one that breaks?

Actually, I roll my own implementation in order to debug a problem with Horde Groupware Webmail Edition v1.0.5, where one function behaves differently when using TLS or not, http://bugs.horde.org/ticket/6338 .

Bye,

--
Steffen Kaiser